To improve the information security of small and medium-sized enterprises (SMEs), the Information Commissioner's Office (ICO) has called for a new security and certification process to be implemented.

The data protection watchdog made several recommendations as to how the information security of SMEs could be boosted by addressing the "large areas of gaps and overlaps" in the availability of relevant information.

A spokesperson for the office said: "The ICO recognises that SMEs will not have the technical expertise that many larger businesses have at their disposal."

"Many small businesses use personal information, and we recognise that SMEs need practical and concise guidance to help them comply with the law and handle personal information appropriately," the spokesperson added.

Recently, ACS:Law breached data protection by failing to protect its email database as it was trying to recovery from a distributed denial-of-service attack.

During the data protection breach, a file containing credit card details of suspected offenders was released, along with emails written by the firm's boss Andrew Crossley.